3.0.0-beta3 Preview release and security announcements

FreeRDP 3.0.0-beta3 has just been released and uploaded to

https://pub.freerdp.com/releases/

3.0.0-beta3 is the third beta for a new major release and fixes lots of issues found in (or not ready for) the previous beta. See our ChangeLog for a complete list of changes https://github.com/FreeRDP/FreeRDP/blob/3.0.0-beta3/ChangeLog

With this release we also publish a couple of CVE reported by @pwn2carr that have been fixed with current 2.11.0 and 3.0.0-beta3:

1. 3.0.0-beta3 only:

• CVE-2023-39355
• CVE-2023-40187
• CVE-2023-40574
• CVE-2023-40575
• CVE-2023-40576

1. Both, 3.0.0-beta3 and 2.11.0

• CVE-2023-39350
• CVE-2023-39351
• CVE-2023-39352
• CVE-2023-39353
• CVE-2023-39354
• CVE-2023-39356
• CVE-2023-40181
• CVE-2023-40186
• CVE-2023-40188
• CVE-2023-40567
• CVE-2023-40569
• CVE-2023-40589

Short summary of the fixed issues:

• All CVE are client only (FreeRDP based servers and proxy are not affected)
• All are related to video decoding and improper input validation